HTTP Status Codes
Three digit numbers that tell you what happened with your request.
The ranges
| Range | Category | Meaning |
|---|---|---|
| 1xx | Informational | Hold on… |
| 2xx | Success | Here you go |
| 3xx | Redirection | Go somewhere else |
| 4xx | Client Error | You messed up |
| 5xx | Server Error | Server messed up |
Common codes
2xx - Success
- 200 OK - It worked. Standard success.
- 201 Created - Resource created (usually POST response)
- 204 No Content - Success, but nothing to return (common for DELETE)
3xx - Redirection
- 301 Moved Permanently - URL changed forever
- 302 Found - Temporary redirect
- 304 Not Modified - Cached version is still good
- 307 Temporary Redirect - Like 302 but keeps HTTP method
4xx - Client errors
- 400 Bad Request - Malformed request. Check your JSON/params.
- 401 Unauthorized - Not authenticated. (Should be called “Unauthenticated”)
- 403 Forbidden - Authenticated but not allowed.
- 404 Not Found - Resource doesn’t exist.
- 405 Method Not Allowed - Wrong HTTP verb
- 409 Conflict - Conflicts with current state
- 422 Unprocessable Entity - Valid JSON but semantically wrong
- 429 Too Many Requests - Rate limited. Slow down.
5xx - Server errors
- 500 Internal Server Error - Generic “something broke”
- 502 Bad Gateway - Proxy couldn’t reach upstream
- 503 Service Unavailable - Server overloaded or down
- 504 Gateway Timeout - Proxy timed out
Common confusion
401 vs 403:
- 401 = “Who are you?” (need to log in)
- 403 = “I know who you are, but no” (logged in, not authorized)
400 vs 422:
- 400 = Can’t even parse your request
- 422 = Parsed it, but the data is invalid
Quick debug guide
| Code | First thing to check |
|---|---|
| 400 | Your request body/params |
| 401 | Auth token present and valid? |
| 403 | Do you have the right permissions? |
| 404 | URL correct? Resource exists? |
| 500 | Server logs |
| 502 | Is upstream service running? |
| 503 | Is server overloaded/deploying? |
| 504 | Is upstream service slow/hanging? |